This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Erasure Technology: Ensuring Security, Savings and Compliance

Failed drives are a fact of life, but they don’t have to become a security risk, compliance nightmare or drain on personnel, writes Markku Willgren of Blancco. With low upfront and ongoing costs, hardware appliances help control loose drive security using an easy, efficient process.

Markku Willgren is President of US Operations for Blancco, where he focuses on the data security sector. His expertise encompasses asset disposal security and process efficiency, regulatory compliance and data erasure technology.

In data centers, swapping failed drives from a host system with new ones is a standard process for optimal operation of storage arrays and servers. Failed drives are typically stored, physically destroyed or sent back to OEMs with data intact, but these approaches present problems.

Stored or shipped drives are vulnerable to data breaches if a drive is lost or stolen. Physical destruction may not provide tamper-proof reports for regulatory compliance and can accumulate costs from not exercising OEM drive warranties.

Enhancing data security and compliance

Data centers can quickly accumulate failed “amber light” drives, as an estimated 2 percent of drives are replaced yearly. These drives could become at risk unless immediately erased.

A Compliance Standards poll found that lost or stolen devices affected nearly 58 percent of U.S. enterprises with 10,000 or more employees. For example, Coca Cola lost sensitive data of 74,000 employees this year due to theft at the IT decommissioning phase.

Erasing data from failed drives is critical, as up to 80 percent of them are still operational and vulnerable to data breach. Many industry standards and regulations like healthcare (HIPAA, HITECH), finance (GLBA, SOX, FACTA) and retail (PCI DSS) require data sanitization and proof of erasure for each drive in the form of auditable reports. Non-compliance may result in large fines, civil liability and costly damage to brand image.

Reaping cost savings from OEM warranties

A data center replacing 200 drives annually could save $240,000* with effective RMA processing. Quick and safe return of failed drives is possible with erasure policies and equipment in place.

In-house erasure of loose drives supports a secure chain-of-custody for transport to an OEM, without requiring specialized and expensive carriers, as for disks with intact data. Third-party on-site erasure or building your own erasure stations can be cost and labor prohibitive, so an appliance pre-loaded with advanced data erasure software can offer a cost-effective, long-term solution.

Implementing an improved, unified erasure process

Data centers gain control of loose drive decommissioning by using the right processes and equipment. A policy for prompt disk erasure that prohibits failed drive accumulation helps avoid data breaches from lost or stolen disks. Such policy is complemented by equipment that automates the in-house erasure process.

For security and efficiency, a hardware appliance with advanced data erasure software simultaneously erases SATA, SAS, Fiber Channel, and SCSI drives from all major OEMs, as well as SATA solid state drives (SSDs). The turnkey appliance supports efficient, regular “disk housekeeping.” Automatically created erasure reports provide critical information, like disk serial number, make and model, and erasure details. Reports can be saved to a centrally hosted asset management suite for a complete audit trail.

Getting the most from failed drives

Failed drives are a fact of life, but they don’t have to become a security risk, compliance nightmare or drain on personnel. With low upfront and ongoing costs, hardware appliances help control loose drive security using an easy, efficient process.

Backed by advanced data erasure software, an appliance conforms to rigorous erasure technology guidelines, such as DoD 5220.22-M and NIST 800-88. The ROI for an appliance is quickly achieved, especially when compared with the costs and risks of poor warranty drive return rates, a compliance failure or data breach.

*If an average new drive cost is $1,500 and 80 percent of the failed drives can be securely wiped.